|
225011
|
5.3 |
MEDIUM
Network
|
tcpdump
|
libpcap
|
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2019-15162
|
2024-11-21 13:28 |
2019-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225012
|
5.3 |
MEDIUM
Network
|
tcpdump
|
libpcap
|
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
|
CWE-131
Incorrect Calculation of Buffer Size
|
CVE-2019-15161
|
2024-11-21 13:28 |
2019-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225013
|
7.5 |
HIGH
Network
|
tcpdump
apple
debian
fedoraproject
opensuse
redhat
netapp
canonical
|
tcpdump
mac_os_x
debian_linux
fedora
leap
enterprise_linux
cloud_backup
solidfire
hci_management_node
ubuntu_linux
|
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
|
CWE-120
Classic Buffer Overflow
|
CVE-2019-15166
|
2024-11-21 13:28 |
2019-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225014
|
6.5 |
MEDIUM
Network
|
cisco
|
unified_communications_manager
|
A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote att…
|
CWE-444
HTTP Request Smuggling
|
CVE-2019-15272
|
2024-11-21 13:28 |
2019-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225015
|
6.1 |
MEDIUM
Network
|
cisco
|
unified_contact_center_express
|
A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack. The vulnerability is due to insuf…
|
CWE-74
Injection
|
CVE-2019-15259
|
2024-11-21 13:28 |
2019-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225016
|
8.6 |
HIGH
Network
|
cisco
|
adaptive_security_appliance_software
firepower_threat_defense
asa_5505_firmware
asa_5510_firmware
asa_5512-x_firmware
asa_5515-x_firmware
asa_5520_firmware
asa_5525-x_firmware
A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthentic…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2019-15256
|
2024-11-21 13:28 |
2019-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
225017
|
7.5 |
HIGH
Network
|
html-pdf_project
|
html-pdf
|
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2019-15138
|
2024-11-21 13:28 |
2019-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225018
|
8.8 |
HIGH
Network
|
prise
|
adas
|
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
|
CWE-352
Origin Validation Error
|
CVE-2019-15089
|
2024-11-21 13:28 |
2019-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225019
|
9.8 |
CRITICAL
Network
|
prise
|
adas
|
An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.
|
NVD-CWE-noinfo
|
CVE-2019-15088
|
2024-11-21 13:28 |
2019-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
225020
|
7.2 |
HIGH
Network
|
prise
|
adas
|
An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.
|
CWE-94
Code Injection
|
CVE-2019-15087
|
2024-11-21 13:28 |
2019-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
